package cn.my.framework.config.security;

import cn.my.framework.util.ConstantData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

/**
 * Created by zhangl_lc on 2017/7/5.
 * 1.securedEnabled: Spring Security’s native annotation
 * 2.jsr250Enabled: standards-based and allow simple role-based constraints
 * 3.prePostEnabled: expression-based
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    private MyUserDetailsService myUserDetailService;

    @Autowired
    private MySecurityFilterInterceptor mySecurityFilterInterceptor;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.headers().frameOptions().disable();
        if(ConstantData.securityEnable){
            //http.portMapper().http(80).mapsTo(443);
            http.addFilterBefore(mySecurityFilterInterceptor, FilterSecurityInterceptor.class);

            http.csrf().disable()
                    .authorizeRequests()
                    //.accessDecisionManager(myAccessDecisionManager)
                    //.antMatchers("/autoconfig","/configprops","/beans").permitAll()
                    //fullyAuthenticated()
                    .anyRequest().authenticated()
                    .and().formLogin().loginPage("/login").defaultSuccessUrl("/index")
                    .usernameParameter("username").passwordParameter("password").permitAll()
                    .and().logout().logoutUrl("/logout").permitAll()
                    .invalidateHttpSession(true)
                    .and().exceptionHandling().accessDeniedPage("/403")
                    .and().sessionManagement().maximumSessions(1).expiredUrl("/expired")
            ;
        }
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        /*web.ignoring().antMatchers("/js*//**", "/css*//**", "/images*//**", "/bootstrap*//**","/favicon.ico",
                "/h2console*//**","/dump","/autoconfig","/beans","/mappings","/info","/druid*//**","/layui*//**","/baidu*//**");*/
        //web.ignoring().antMatchers("/**");
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailService);
        //auth.userDetailsService(myUserDetailService).passwordEncoder(new Md5PasswordEncoder());
        //auth.inMemoryAuthentication().withUser("test").password("123456").roles("role1","role2");
    }
}
